Home / malware Trojan:Win32/Lopei.A
First posted on 24 January 2014.
Source: MicrosoftAliases :
There are no other names known for Trojan:Win32/Lopei.A.
Explanation :
Threat behavior Trojan:Win32/Lopei.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Installation
Trojan:Win32/Lopei.A creates the following files on your PC:
- c:\documents and settings\administrator\local settings\temp\rarsfx0\mc.exe
- c:\documents and settings\administrator\local settings\temp\rarsfx0\mcutil.dll - detected as Trojan:Win32/Lopei.A
- c:\documents and settings\administrator\local settings\temp\rarsfx0\mcutil.dll.url
- c:\documents and settings\all users\wsys\mc.exe
- c:\documents and settings\all users\wsys\mcutil.dll - detected as Trojan:Win32/Lopei.A
- c:\documents and settings\all users\wsys\mcutil.dll.url
Payload
Stops processes
Trojan:Win32/Lopei.A can stop the following processes:
Contacts remote host
- Mc.exe
The malware might contact a remote host at 184.82.181.179 using port 443. Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 2f4eb0911c7fa977461785d232230dbb563bf420.Symptoms
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
c:\documents and settings\administrator\local settings\temp\rarsfx0\mc.exe
- You have these files:
c:\documents and settings\administrator\local settings\temp\rarsfx0\mcutil.dll
c:\documents and settings\administrator\local settings\temp\rarsfx0\mcutil.dll.url
c:\documents and settings\all users\wsys\mc.exe
c:\documents and settings\all users\wsys\mcutil.dll
c:\documents and settings\all users\wsys\mcutil.dll.urlLast update 24 January 2014
